The Clinton administration is decreasing red tape
and increasing the speed of computers that can be exported
to all countries except Iraq, Libya, North Korea, Cuba,
Sudan, and Syria. [MSNBC, 01Feb00. NewsScan.]

China has decided that all information put on the Web
must first be viewed and approved by national security forces,
including news reports. Chat room operations must also be
approved. Every corporate and individual user of encryption
must turn in a form documenting the techniques used.
[WSJ, 27Jan00. Edupage.] (The encryption deadline was widely
ignored. "If everyone ... had complied, about 9M Internet users
would have shown up in one tiny government office to hand-deliver
a form specifying what kind of encryption they used." [NYTimes,
01Feb00. NewsScan.])

A Norwegian teenager and his father have been charged
for publishing their DVD security code crack. [AP. NYT,
26Jan00. NewsScan.]

A programmer in Paris spent four years cracking the 640-bit
encryption key used to verify digital signatures on smartcards,
to patent his own version (for sale for $1.5M). Unfortunately,
he demonstrated his homemade card to bank officials by purchasing
Paris Metro tickets. He has been arrested on counterfeiting
and fraud charges, facing a possible 7-year jail term. [MSNBC,
25Jan00. NewsScan.]

Oops! Software used by the month-old X.Com online bank
allowed customers to transfer funds from anyone's US bank account.
All they needed was the account number and bank routing
information, which are printed on physical bank cheques.
(Yes, the British spelling of this word is superior to
the US spelling. Or at least easier to use unambiguously.)
X.Com ads have touted the ease of accessing and moving your money.
[NY Times, 28Jan00. NewsScan.]

NEC has a new encryption technology called Cipherunicorn-A
that uses false keys as decoys for a real key. It also uses
varying key lengths within the encryption sequence. [IBD,
27Jan00. NewsScan.]

A serious security flaw has been discovered in "cross-site
scripting" using code tied to URL links. The code can be hidden
in any website, online document, discussion forum, or email
message -- yes, even spam. Any link that sends you to another
page, or any form that asks for data, can activate unchecked code
or transmit private data invisibly. The threat occurs when
sites fail to verify that hidden code from a user's browser
is safe -- and most sites do not check code. CMU's CERT
Coordination Center "says only a massive effort by Web site
designers can remedy the problem, but in the interim, users
should avoid clicking on Web links from untrusted sources."
[AP. MSNBC, 02Feb00; NewsScan. Also LA Times, 03Feb00; Edupage.]
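
The site-side check described above, as an added example that is not part of the original digest: a page that echoes a value from a link, first unchecked and then encoded for the place it is written into. The function names, the "q" parameter and the example.test host are assumptions made for illustration.

```javascript
// Added example. renderUnsafe, renderSafe, the "q" parameter and
// example.test are hypothetical names, not taken from any real site.

// Encode the characters that let text break out of HTML body text
// or out of a quoted attribute value.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Pull the search term out of the requested URL (decoded by the URL parser).
function searchTerm(requestUrl) {
  return new URL(requestUrl).searchParams.get("q") || "";
}

// Before: whatever arrived in the link is pasted into the page unchecked,
// so markup in the link becomes markup in the site's own page.
function renderUnsafe(requestUrl) {
  return `<p>Results for ${searchTerm(requestUrl)}</p>`;
}

// After: the same value is encoded before it is written into the page,
// both as body text and inside a quoted attribute.
function renderSafe(requestUrl) {
  const q = escapeHtml(searchTerm(requestUrl));
  return `<p>Results for ${q}</p><input name="q" value="${q}">`;
}

// Review-time check: did a script tag survive into the rendered page?
function containsInjectedTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample link carrying markup in its query string.
const SAMPLE_LINK =
  "http://example.test/search?q=" + encodeURIComponent("<script>alert(1)</script>");

console.log("unsafe:", renderUnsafe(SAMPLE_LINK));
console.log("safe:  ", renderSafe(SAMPLE_LINK));
```
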

Experience with computer problems shows that many are
PEBCAK errors: Problem Exists Between Chair And Keyboard.
[J.D. Stone, NewsScan, 19Jan00.] (But you don't get secure
systems just by educating people, or by yelling at them,
or by asking them to be really, really careful, or even
by hiring smarter people.)

-----
"Management is efficiency in climbing the ladder of success;
leadership determines whether the ladder is leaning against
the right wall." -- Stephen R. Covey.
-----